audit automation as the foundation of continuous auditing n.
Download
Skip this Video
Loading SlideShow in 5 Seconds..
Audit Automation as the Foundation of Continuous Auditing PowerPoint Presentation
Download Presentation
Audit Automation as the Foundation of Continuous Auditing

Loading in 2 Seconds...

play fullscreen
1 / 13

Audit Automation as the Foundation of Continuous Auditing - PowerPoint PPT Presentation


  • 118 Views
  • Uploaded on

Audit Automation as the Foundation of Continuous Auditing. Michael Alles Alexander Kogan Miklos A. Vasarhelyi J. Donald Warren, Jr. Audit Automation as the Foundation of Continuous Auditing. The Case for Audit Automation. Automation of business processes

loader
I am the owner, or an agent authorized to act on behalf of the owner, of the copyrighted work described.
capcha
Download Presentation

PowerPoint Slideshow about 'Audit Automation as the Foundation of Continuous Auditing' - irma


An Image/Link below is provided (as is) to download presentation

Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author.While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server.


- - - - - - - - - - - - - - - - - - - - - - - - - - E N D - - - - - - - - - - - - - - - - - - - - - - - - - -
Presentation Transcript
audit automation as the foundation of continuous auditing

Audit Automation as the Foundation of Continuous Auditing

Michael Alles

Alexander Kogan

Miklos A. Vasarhelyi

J. Donald Warren, Jr.

the case for audit automation

Audit Automation as the Foundation of Continuous Auditing

The Case for Audit Automation

Automation of business processes

Labor-intensive repetitive audit work

Cost and availability of qualified audit personnel

Budgetary pressure on internal audit departments

Complexity of business transactions and increasing risk exposure

Scale and scope of audit procedures

Timeliness of audit results

CA/R/Lab

audit automation work sequence

Audit Automation as the Foundation of Continuous Auditing

Audit Automation Work Sequence

Identification and engagement of stakeholders:

Business process owners

IT personnel

Internal auditors

Composition of audit automation teams

Automation of audit procedures

Duplicate automation is ideal but too expensive

Verification of automated procedures

Independent verification by experienced auditors

Approval of automated audit program

CA/R/Lab

formalizing the audit program

Audit Automation as the Foundation of Continuous Auditing

Formalizing the Audit Program

Automation requires formalization

Formalized is usually automatable

Possibility of formalization is often underestimated

Benefits of formalization:

promotes precision and consistency

improves confidence in audit results

Reduces long-run audit costs

Problems with formalization

Many humans resist formal thinking

Formalization can be very laborious and costly

Certain complex judgments are not amenable to formalization

CA/R/Lab

re engineering the audit program

Audit Automation as the Foundation of Continuous Auditing

Re-engineering the Audit Program

Conventional audit programs are not designed for automation

Formalizable and judgmental procedures are often intermixed – redesign is required to separate them out

Re-engineering objective: maximize the proportion of automatable procedures in the audit program (i.e., reduce reliance on informal judgmental techniques)

Substitution of high frequency (“continuous”) automated procedures for eliminated manual methods

CA/R/Lab

continuous auditing ca as implementation of automated audit

Audit Automation as the Foundation of Continuous Auditing

Continuous Auditing (CA) as Implementation of Automated Audit

Formalized audit procedures are programmed into an automated audit system that can run continuously

CA = CCM + CDA

Continuous Control Monitoring (CCM):

Access Control and Authorizations

System Configuration and Business Process Settings

Continuous Data Assurance (CDA):

Master Data

Transactions

Analytics (including Continuity Equations)

CA/R/Lab

baseline monitoring baselining

Audit Automation as the Foundation of Continuous Auditing

Baseline Monitoring (Baselining)

Traditionally used in configuration management and IT security

Baseline – a snapshot of system configuration and business process settings

Deltas from baseline • exceptions

Critical issues:

Definition of baseline (the more static parameters are, the better they are suitable for baselining)

Initial verification of baseline values

Security of baseline (both definition and current values)

Accumulation of deltas • redefinition of baseline

CA/R/Lab

scalability of audit automation

Audit Automation as the Foundation of Continuous Auditing

Scalability of Audit Automation

Automation of highly specific audit procedures for different enterprise units can incur prohibitive costs

Automation will be scalable across the enterprise only if the repetitive audit procedure automation costs are eliminated

Strategies for making audit automation scalable:

Hierarchical structuring of automated audit procedures – from the most generic audit procedures applicable across the enterprise to the more specific ones for major units and subunits

Hierarchical updates

Parameterization of automated audit procedures

CA/R/Lab

architecture of automated audit

Audit Automation as the Foundation of Continuous Auditing

Architecture of Automated Audit

Organization of audit software:

integrated software – vs.

distributed (i.e., multi-agent-based) system

Access to the enterprise system and data:

Direct (either to the database or to the application layer)

Intermediated (through a business data warehouse)

Platform of audit software:

Common enterprise platform (EAM – embedded audit module)

Separate platform (MCL – monitoring and control layer)

Providers of audit software:

Common platform – enterprise software vendors

Separate platform – 3rd party vendors and audit firms

CA/R/Lab

mobile agents in automated audit

Audit Automation as the Foundation of Continuous Auditing

Mobile Agents in Automated Audit

Mobile agents can be transported to the enterprise platform to be run there (as EAM!)

Benefits of mobility (and EAM):

Protection against network connectivity outages

Event-triggered execution of audit procedures • potentially zero latency (not affected by network congestion)

More efficient for processing large volumes of enterprise data (on site – vs. moving that data over the network)

Problems with mobility (and EAM):

Protection of enterprise platform against (possibly malicious) agent

Protection of agent against possible manipulation by the platform

Impossibility of protecting the agent outweighs the benefits!

CA/R/Lab

securing continuous auditing

Audit Automation as the Foundation of Continuous Auditing

Securing Continuous Auditing

Location of continuous auditing hardware:

client’s premises

audit shop

Physical access security

Logical access security

Super-user privileges

Client’s IT personnel access

Export / import of CA system settings

CA/R/Lab

software for audit automation

Audit Automation as the Foundation of Continuous Auditing

Software for Audit Automation

ACL

CaseWare IDEA

Approva

Oversight Systems

Governance, Risk, and Compliance Solutions:

SAP GRC Access Control, Risk Management, Process Control (VIRSA)

Oracle Governance, Risk, and Compliance (LogicalApps)

IBM Workplace for Business Controls and Reporting

Paisley Enterprise GRC

OpenPages

AXENTIS Enterprise

BWise

Protiviti Governance Portal

CA/R/Lab

what s coming

Audit Automation as the Foundation of Continuous Auditing

What’s Coming?

AMR Research projects spending on government, risk and compliance applications and services will top $32.1 billion in 2008, up 7.4 % from 2007. In 2009, growth is projected at 7 %.

Hosted, or on-demand solutions

Integration of audit automation with audit working papers software

Transformation of internal audit

Structural changes in external audit

CA/R/Lab